CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
CSO Online

Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn

Permissive AI access and limited monitoring could allow malware to hide within trusted enterprise traffic, thereby ...
CSO Online

Notepad++ author says fixes make update mechanism ‘effectively unexploitable’

The recently compromised update mechanism for the popular open source text editor Notepad ++ has been hardened so it’s now ...
CSO Online

Keenadu: Android malware that comes preinstalled and can’t be removed by users

Keenadu infiltrated devices by posing as legitimate system components, prompting calls for tighter controls on firmware ...
CSO Online

Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years

A suspected Chinese espionage group exploited hardcoded admin credentials in Dell RecoverPoint for Virtual Machines to deploy ...
CSO Online

PayPal launches latest struggle to get rid of SMS for MFA

Security experts have been nearly unanimous in their dislike of unencrypted SMS authentication for over a decade, but business executives — and customers — love its convenience. Cost-cutting may ...
CSO Online

Discipline is the new power move in cybersecurity leadership

Turns out the real power move in security isn’t a bigger budget — it’s cutting the clutter and proving what actually reduces ...
CSO Online

US dominance of agentic AI at the heart of new NIST initiative

The standards body is soliciting industry views on agentic security risks while ‘cementing US dominance at the technological frontier.’ ...
CSO Online

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
CSO OnlineOpinion

A new approach for GenAI risk protection

GenAI isn’t the real problem — unmanaged data is. Smarter XDR-based protection lets teams innovate without leaking what ...
CSO Online

CISO Julie Chatman wants to help you take control of your security leadership role

Chatman, who grew her career from medical diagnostics to a cybersecurity and risk leader at the FBI, has been a mentor to ...
CSO Online

The new paradigm for raising up secure software engineers

The new challenge for CISOs in the age of AI developers is securing code. But what does developer security awareness even ...